Device Management Policy
1.0 Purpose
This policy defines the management of University owned devices to ensure compliance with cyber security standards.
2.0 Scope
This policy applies to all University owned laptops, computers, tablets, and mobile devices, regardless of operating system.
3.0 Policy
3.1 All University owned devices must be registered with an endpoint management solution.
- Microsoft Intune – Windows and Android
- Jamf – MacOS and iOS
- Landscape – Ubuntu Linux
3.2 Software will be deployed through centralised systems which will allow software to be installed and maintained without needing local administrator rights. These will also enable proactive vulnerability management to ensure our cyber security risk is reduced wherever possible.
3.3 Local administrator account passwords will not normally be available for users. Exceptions will only be made when specific criteria are fulfilled and the approval of Information Services has been given and recorded
3.4 Devices must:
- be supported by the vendor
- have operating system security updates applied in accordance with the Vulnerability Management Policy
- have anti-virus and anti-malware software always enabled and updates applied hourly
- have a software firewall configured and enabled
- have all installed software be compliant with the Software Management Policy
- be reset and wiped by Information Services before they are re-issued to another user
- be returned to Information Services for reuse or secure disposal when no longer needed
3.5 Devices which do not conform with these requirements will be treated as BYOD devices or placed onto restricted networks.
This Policy is maintained by Information Services, was last reviewed in July 2023 and is due for review in August 2025